Pfizer Inc. said some documents it had submitted to Europe’s top drug regulator regarding its COVID-19 vaccine had been accessed in a cyber-attack on the agency.
The U.S. drugmaker and German partner BioNTech SE said in a statement they had been told by the European Medicines Agency that some documents relating to the regulatory submission for their experimental vaccine that had been stored on the EMA server had been unlawfully accessed.
The companies said that none of their systems had been breached in connection with the incident and that they are “unaware that any study participants have been identified through the data being accessed.”
Pfizer and BioNTech said the EMA informed them that the attack would have no effect on the timing of the vaccine review. Regulators are already evaluating clinical trial data on a rolling basis, and a clearance is expected toward the end of the year.
Pfizer shares closed on Wednesday down 1.7% to $41.85 in New York.
The EMA issued a brief statement Wednesday saying that it had been attacked and had “swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities.” It declined further comment.
Moderna Inc., another U.S.-based pharmaceutical company with a comparable vaccine in development, said it hadn’t received any notification from the European regulator about a data breach.
“We are engaged with them and monitoring the situation,” a company spokesperson said. “Moderna remains highly vigilant to potential cybersecurity threats.”
Both the Pfizer-BioNTech and Moderna two-dose vaccine regimens rely on a new technology known as messenger RNA. Moderna is slightly behind Pfizer in the race to bring forth an authorized vaccine. The biotechnology company has approached the EMA for a conditional marketing authorization and is also under a rolling review. A clearance could be issued within weeks, according to the EMA.
The U.S. Food and Drug Administration, the American drug regulator, declined to say whether it had been targeted recently by hackers. “Information security and the protection of industry and public health information are among FDA’s highest priorities,” according to Stephanie Caccomo, media relations director. “The agency is always enhancing its cybersecurity strategies to ensure FDA information security systems provide adequate protection of industry data and public health information on a continual, long-term basis.”
Since the pandemic began, hackers aligned with governments including Russia and China have been accused of targeting companies and research institutions working on coronavirus research. Cybersecurity researchers at International Business Machines Corp., for instance, recently disclosed that unknown hackers, probably tied to a nation-state, were targeting companies and government agencies involved in vaccine distribution.
The hackers pretended they were from one of the world’s largest cold-chain providers, who offer the type of refrigeration necessary for certain vaccines. It wasn’t clear if the victims fell for the scam. But if they did, the credentials they stole could help an attacker “gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine,” IBM Security said in a statement.
In addition, in November, Microsoft Corp. said hackers in Russia and North Korea had targeted seven “prominent” companies working on vaccines and treatment research. Microsoft, which didn’t identify the companies, said the majority of the attacks were blocked.
In July, the U.K., U.S. and Canadian governments accused Russian intelligence of attempting to steal private information from researchers racing to develop a vaccine. And in May, the U.S. government warned that hackers working for the Chinese government were trying to steal research on vaccines and treatments from U.S. health care, pharmaceutical and research organizations.